Microsoft to 'killbit' MSXML4

Less than six months after the discovery of zero-day attacks against Microsoft XML Core Services 4.0, Microsoft plans to "killbit" MSXML4 and completely remove the XML parser from its download center.

The killbit, which is delivered as a registry key update, applies to Internet Explorer only and is expected to happen in the October-December 2007 time frame, according to a notice posted to Redmond's XML team blog.
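For administrators who want to confirm that a kill bit is actually in place, the following added example (not from the article or from Microsoft) parses a registry export and reports which ActiveX controls have the kill bit set. The sample export and every CLSID in it are constructed placeholders; the article does not give the MSXML4 CLSIDs.

```python
import re

# The kill bit is flag 0x400 in the "Compatibility Flags" DWORD stored under
# ...\Internet Explorer\ActiveX Compatibility\{CLSID}; Internet Explorer
# checks it before instantiating that control.
KILL_BIT = 0x00000400

KEY_RE = re.compile(
    r"^\[HKEY_LOCAL_MACHINE\\SOFTWARE\\(?:WOW6432Node\\)?Microsoft\\"
    r"Internet Explorer\\ActiveX Compatibility\\(\{[0-9A-F-]{36}\})\]$",
    re.IGNORECASE,
)
VALUE_RE = re.compile(r'^"Compatibility Flags"=dword:([0-9A-F]{8})$', re.IGNORECASE)

# Constructed sample export; every CLSID below is a placeholder.
SAMPLE_REG = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{00000000-0000-0000-0000-00000000000A}]
"Compatibility Flags"=dword:00000400

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{00000000-0000-0000-0000-00000000000B}]
"Compatibility Flags"=dword:00800000

[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{00000000-0000-0000-0000-00000000000C}]
"Compatibility Flags"=dword:00000420

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{00000000-0000-0000-0000-00000000000D}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Example\{00000000-0000-0000-0000-00000000000E}]
"Compatibility Flags"=dword:00000400
"""

def killbit_status(reg_text):
    """Map each CLSID under ActiveX Compatibility to True if its kill bit is set."""
    status = {}
    clsid = None
    for raw in reg_text.splitlines():
        line = raw.strip()
        if line.startswith("["):
            m = KEY_RE.match(line)
            clsid = m.group(1).upper() if m else None
            if clsid:
                status.setdefault(clsid, False)  # key present, flag not yet seen
        elif clsid:
            v = VALUE_RE.match(line)
            if v:
                status[clsid] = bool(int(v.group(1), 16) & KILL_BIT)
    return status

if __name__ == "__main__":
    for clsid, killed in sorted(killbit_status(SAMPLE_REG).items()):
        print(clsid, "kill bit set" if killed else "kill bit NOT set")
```

Files exported by regedit are normally UTF-16, so decode them accordingly before passing the text to `killbit_status`.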

"We are announcing this in advance so that our customers get sufficient time to try their applications with MSXML6 and give us feedback on their experience," the group said.

Support for MSXML4 going forward will be restricted to high impact security issues only.

The decision comes on the heels of last November's malware attacks against a code execution vulnerability in the XMLHTTP ActiveX control within Microsoft XML Core Services. This flaw affected systems where MSXML4 was installed.

Microsoft released a security bulletin (MS06-071) with patches to address the vulnerability.


Talkback

3 comments
  • What the MS XML team blog *really* said was...

    not

    "We are announcing this in advance so that our customers get sufficient time to try their applications with MSXML"

    but

    "We are announcing this in advance so that our customers get sufficient time to try their applications with MSXML6 and give us feedback on their experience."

    Note the 6. There's a new version coming. It's not like MSXML won't be available via IE going forward from the turning off of v4.
    dpnewkirk
    • What they actually say.....

      .... is MSXML ver 6 is in IE7 (you think they'd get the version numbers matched!), ver 5 is MS-Office only, ver 4 is riddled with holes and if you can't use version 6 then use version 3.

      Phew! And George Ou waffles on about JREs being confusing!!!!!

      At least with everybody else's browser you just invoke one object.
      bportlock
    • copy/paste boo-boo

      This is a screwup in my copy/pasting. I've fixed that sentence in the post. My apologies.

      _ryan
      Ryan Naraine